Exec’s Claim That Xcitium ‘Stops All Malware’ Ignites MSP Social Media Firestorm
Huntress CEO Kyle Hanslovan tells CRN that he is frustrated by vendors making ‘insane, outlandish claims’ that they offer 100 percent security protection. ‘For me, the bigger problem is vendor accountability and misrepresentation,’ he says.
Greg Wyman’s claim in a LinkedIn post that cybersecurity company Xcitium’s software product is completely malware proof took a left turn into a social media mudslinging with cyber CEOs going to bat in the name of security.
“Xcitium Zero Breach stops all malware, including all unknown files from infecting you or your customers,” boasted Wyman, who is listed on LinkedIn as vice president of Australia and New Zealand for Xcitium and also as a vice president for A51 Software, an Xcitium partner that works with companies to build their presence in Asia Pacific. “DISCOVER ZERO TRUST. ZERO THREAT. ZERO BREACH in Australia and NZ, book a demo.”
Huntress CEO Kyle Hanslovan – who has a rabid MSP following on social media- simply replied: “Those are some pretty bold statements.”
Xcitium founder and former CEO Melih Abdulhayoglu fired back, calling out Hanslovan in a now-deleted post last Saturday which triggered a social media frenzy with more than 150 comments – from MSPs and other vendors – on both the malware claims and a tit-for-tat battle between the two executives.
“Kyle Hanslovan for the sake of transparency: Would you please reveal how many of your customers got breached (in the) last 2 years while under your protection? As you know we do make our data public and would invite you to also release your data,” wrote Abdulhayoglu, the current CEO of MAVeCap, a venture capital firm, that has invested in Xcitium. “Do tell everyone that it was YOU who started all of this. (hoping you are man enough to own this fact).”
Hanslovan responded that “breached has a real legal meaning.”
“I think you’re probably referring to incidents,” Hanslovan commented. “Considering that we focus on detection and response and only augment AV, I suppose you’re maybe on the hunt for reported incidents that slipped by Huntress? We could probably manually track that data down, but I’m not wasting my team’s time with your bullshit because we would never tell someone we ‘stop all malware.’ Gaslight with side distractions all you want, you should have just agreed that claim was bold and move on.”
What ensued was name calling and drama usually reserved for reality TV with Abdulhayoglu, who founded Bloomfield, NJ-based cybersecurity firm Xcitium that was rebranded from Comodo in July, caught up in the back-and-forth alongside Hanslovan and others.
‘It Was Kyle Hanslovan Starting It All’
“It was Kyle Hanslovan starting it all,” was the argument repeatedly made by Abdulhayoglu, who called out Hanslovan for “trolling one of our resellers first.”
“I did start it,” Hanslovan told CRN. “I did make the statement of, ‘Why is everybody making such bold statements?’ It was a bold claim. There is no sugarcoating it.
“But boy, the follow-up comments sure started getting in there, so it was a little bit spicy,” he added.
Wyman deferred all comments to Abdulhayoglu when reached by CRN.
The decision to call out Hanslovan publicly was because of the “bold statement” comment he made, Abdulhayoglu told CRN in an email.
“Why didn’t Kyle contact the Comodo CEO directly vs making a public comment?” he said. “I used the same ‘method’ as Kyle has used…hence my post.”
While he agreed with Hanslovan that 100 percent security doesn’t exist, he was not keen on Hanslovan’s “behavior” in “calling out” his company.
“It’s not a suitable thing for a CEO to engage with in my opinion,” he said. “I am sure Kyle is not a troll and this was a one-off incident on his behalf. I didn’t know who Kyle was until this incident.”
In hindsight, he said he did use “the biggest sin in cybersecurity: transparency” to call Huntress out, “and this does generate visceral responses from any cybersecurity firm, hence the reaction the post got.”
He said he eventually took the post down at the request of Xcitium CEO Ken Levine.
‘Kind of Mean and Kind of Crude’
Many of the comments were made up of back-and-forths and teetered on, what Hanslovan called, “kind of mean and kind of crude.”
Some MSPs stepped in to try to quell the dispute, others were in shock, but all received messages back from Abdulhayoglu.
“This is an awful display of leadership,” Art Gross, CEO of cybersecurity vendor Breach Secure Now, commented.
“I’m generally a nice guy. So here goes. Stop it. Please. I implore you,” commented Wes Spencer, vice president and channel chief of cyber insurance firm FifthWall Solutions.
“Holy cow, a CEO picking fights with other vendors online because he can’t handle any approach but his own (and from what I can see narrow) viewpoint. Sure fire way to never get considered as an actual competitor. It would do you well to remove this post,” commented Kelvin Tegelaar, co-owner and CTO of Lime Networks, a Netherlands-based MSP.
Abdulhayoglu replied to almost every comment in a variety of ways.
“Shame on you Kelvin Tegelaar for being a hyprocrite and spreader of misinformation,” he replied to Tegelaar.
“Glad you admitted you are uneducated in cybersecurity. It does clearly show I must say,” he commented to Ernest Murry, CTO of Genuine Technology Group, an Oregon-based MSP.
Abdulhayoglu did find common ground with some in the channel and agreed that no vendor should claim they offer 100 percent security, but stood by his argument that “Kyle Hanslovan should not have attacked me.”
‘In The Spirit Of Accountability’
Hanslovan said the post became one of those “eating popcorn and watching” moments, “but as a channel company who loves the channel, who loves the channel partners… I personally would never choose a strategy that involves me picking on channel partners.”
“Maybe I did unintentionally by my whatever one-sentence bold comment,” he added. “But I don‘t quite think that’s the spirit. I think mine was more of the spirit of accountability.”
His bigger frustration, he said, is that multiple companies are “making these insane, outlandish claims” that they offer 100 percent security protection. “For me, the bigger problem is vendor accountability and misrepresentation,” he said.
“These claims have real world effects and I see both small-and-midsize businesses and partners believe these claims. And then, since I live in the world where incidents happen, I have to explain when their data is gone of how this can happen and how these claims might just have been a little bit egregious. That‘s why I take offense to them because they are setting unreal expectations.”
He stressed that vendor claims that promise absolutes are recipes for disaster. “Or recipes for usability,” he said. “I actually have seen some solutions that could call themselves 100 percent completely bulletproof and it turns out, you just can‘t do anything on the computer when it’s happening. It makes it unusable to the environment which is not really in the spirit of security either.”
Partners Weigh In
Dustin Bolander, founder of Austin, Texas-based MSP Clear Guidance Partners, said he “100 percent” agreed with Hanslovan calling out the claim that Xcitium “stops all malware.”
“No security is 100 percent, there’s always unknown unknowns,” Bolander told CRN. “You don’t know what you don’t know about, and that is one of the cornerstones of security. Even if the vendor says, ‘We can block 100 percent of known attacks.’ Well great, how do you handle the unknown stuff?”
Although the known attacks are important, he said it’s the unknown attacks are where “all the crazy stuff happens.”
Jason Slagle, president of CNWR Inc., an Ohio-based MSP., said he has a “huge issue” with any vendor who makes “unreasonable, unverifiable” claims that they offer 100 percent protection.
“If I see it, I call them out,” he told CRN. “And kudos to Kyle for calling them out. Trying to play the victim card and then attacking is just crazy.”
He mentioned one of his comments on the post that said, “A lack of evidence is not an evidence of lack.”
“By definition, you don’t have visibility into things you didn’t catch,” he said.
Slagle defended Abdulhayoglu in that “he probably believes he’s proud of what he built, and he sees someone coming in and attacking his baby and gets really defensive of it.”
Other CEOs stepped in and advised Abdulhayoglu to delete the post and “think about what you want to do before you burn your entire channel to the ground,” Slagle said.
“But when that didn’t stop him, I don’t know what he was thinking,” he said.
Tegelaar was surprised that Abdulhayoglu called out Hanslovan publicly and at the “schoolyard insults” that ensued.
“It was just like why are you arguing with a competing CEO on the internet?” he told CRN. “Just give each other a call and knock off this childish behavior. It was sad to see.”
Tegelaar said there a lot of “uneducated MSPs” that are trying to find a “silver bullet” in cybersecurity, so any company who advertises 100 percent security are giving false hope to MSPs and their clients.
“You cannot be completely secure all of the time,” he said. “It’s some sort of utopia. There will always be the next thing that hackers will find to attack.”
Xcitium CEO Believes He And Huntress Could Work Together
“I‘m not sure anyone tells Melih what to do,” Xcitium CEO Levine told CRN in an email. “I think his sole goal is to further cybersecurity in general and Comodo / Xcitium specifically. When some of the comments started veering off, I mentioned that I was getting inbound emails and texts from people watching in real time.”
Without reading all of the comments, he asked Abdulhayoglu “to ease off because the perception was we were starting to challenge the channel which couldn‘t be further from the truth.”
“Melih is one of the brightest people I have ever met, and not just as a technologist and inventor, but in general knowledge also. As a result, Melih likes a good debate,” he said.
He believed Abdulhayoglu’s responses were “reasonable in explaining what we mean by our message, how impactful our technology is and why we make the claims we do.”
“Again, we weren’t defending 100 percent protection,” he said. “We all agree this cannot be guaranteed. But we HAVE been able to prevent 100 percent of damages from malware this far over our history due to our unique methodology. So Melih making that point seemed fine to me. But it then escalated as can happen when you two have cyber security giants going at it.”
He felt Hanslovan calling out Comodo/Xcitium on a “small fraction” of a message was surprising, but reiterated that Xcitium is very clear in its messaging in that they do not say 100 percent protection.
He said Xcitium’s attempt was to show “how our unique solution, layered into existing endpoint environments, has, so far anyhow, prevented any damage from cyberattacks in our customer base.”
Levine and Hanslovan have spoken about the incident, with Levine saying he would love to work together with Huntress in the future to combat cyber security threats.
Abdulhayoglu and Hanslovan both confirmed that they have not spoken to each other since messaging on the LinkedIn post.
“We are 100 percent channel,” Levine said. “OK maybe nothing is 100 percent, so as to not get into more trouble, let me say vast majority channel. And if people were thinking we called out the channel or another vendor (that is) well thought of in the channel, well that went far beyond the original intent.”